Though most would agree that the digitization of our daily lives has overall been positive, there remains the persistent danger posed by hackers. This risk has ranged from the fairly innocuous (e-mail or Facebook spammers) to the financially ruinous (online bank account and credit card theft), and sometimes even to seizure inducing. However, with the digitization of medical devices – a trend that often awes us by its potential to improve healthcare delivery – the danger associated with hacking may now even be deadly.
At last week’s Black Hat Technical Security Conference, computer security expert and type 1 diabetic Jerome Radcliffe gave a presentation in which he described how he was able to remotely interfere with his own insulin pump and glucose meter.
Radcliffe tackled the problem of hacking the wireless sensors that collect blood sugar information and transmit it to the insulin pump. He had to figure out what kind of chips are used in the sensors. Since the devices emit wireless signals, the manufacturers have to submit designs to the Federal Communications Commission, which investigates whether the device emits anything harmful. Those filings contained valuable information on how the devices operated, Radcliffe said. The data-sheets for the chips also provided good information, and the patent for the $6,000 or so insulin pump was also useful.
Then Radcliffe went through the process of deciphering what the wireless transmissions meant. These transmissions are not encrypted, since the devices have to be really cheap. The transmissions are only 76 bits and they travel at more than 8,000 bits per second. To review the signal, Radcliffe captured the signal with a $10 radio frequency circuit board and then used an oscilloscope to analyze the bits.
He captured two 9-millisecond transmissions that were five minutes apart. But they came out looking like gibberish. He captured more transmissions. About 80 percent of the transmissions had some of the same bits. He reached out to Texas Instruments for help but didn’t have much luck. He told the TI people what he was doing and they decided not to help him.
That was as far as he got on deciphering the wireless signal from the sensor, since there was no documentation that really helped him there. He couldn’t understand what the signal said, but he didn’t need to do that. So he tried to jam the signals to see if he could stop the transmitter. With a quarter of a mile, he figured out he could indeed mess up the transmitter via a denial of service attack, or flooding it with false data.
The problem for manufacturers is that the wireless connection on the insulin pump is also not secure. He wrote a “scanner” program that could query for the device’s wireless signal and it pretty much gave itself away with no encryption to interfere with the scanning. If you can get the serial number of the specific device, you can use that to devise a transmission that issues an instruction to it. Radcliffe can control the pump from a distance. He did it on one device that he owns, not a series of devices, since it was his own personal research. He doesn’t know if some pumps are more secure. He isn’t disclosing the vendor yet, but he will work with the vendor to help create a solution.
Noting that he hacked his own device, Radcliffe added, “That’s another reason I am not disclosing all the technical details. I won’t give out details on how to kill me in the middle of a hacker conference. Lives are at stake here.”
Kerri Morrone Sparling of Six Until Me has an enlightening interview with Jay Radcliffe about his motivations and the implications of what he discovered…
More from VentureBeat: Excuse me while I turn off your insulin pump…
Black Hat presentation description…